The world’s two most popular mobile platforms are affected by a security vulnerability called Broadpwn, which allows attackers to gain remote code execution on unpatched devices.

The security flaw was discovered by Exodus Intelligence researcher Nitay Artenstein and is documented in CVE-2017-3544. It describes a vulnerability in Broadcom’s BCM43xx Wi-Fi chips, which are used in a wide variety of Android devices, as well as in Apple’s iPhone.

Google rushed to patch the vulnerability with the July Android Security Bulletin, confirming that Broadpwn can even be triggered remotely with zero user interaction. This means that attackers could exploit the vulnerability without users noticing it, and they can bypass modern exploit mitigations like DEP and ASLR.

The majority of Android phones are said to be vulnerable to attacks as well, including models...